
Commit 6af3052

natemccurdyaustb
authored andcommitted
Allow the database password to be unmanaged
1 parent b13133c commit 6af3052

8 files changed

Lines changed: 62 additions & 2 deletions


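--- a/README.md
+++ b/README.md
@@ -403,6 +403,12 @@ The name of the database user to connect as. Defaults to `puppetdb`, ignored for
 The password for the database user. Defaults to `puppetdb`, ignored for
 `embedded` database.
 
+#### `manage_db_password`
+
+Whether or not the database password in database.ini will be managed by this module.
+Set this to `false` if you want to set the password some other way.
+Defaults to `true`
+
 #### `database_name`
 
 The name of the database instance to connect to. Defaults to `puppetdb`, ignored
@@ -561,6 +567,12 @@ option is supported in PuppetDB >= 1.6.
 The password for the read database user. Defaults to `puppetdb`. This option is
 supported in PuppetDB >= 1.6.
 
+#### `manage_read_db_password`
+
+Whether or not the database password in read-database.ini will be managed by this module.
+Set this to `false` if you want to set the password some other way.
+Defaults to `true`
+
 #### `read_database_name`
 
 The name of the read database instance to connect to. Defaults to `puppetdb`.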

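--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -30,6 +30,7 @@
 $database_username = $puppetdb::params::database_username,
 $database_password = $puppetdb::params::database_password,
 $database_name = $puppetdb::params::database_name,
+$manage_db_password = $puppetdb::params::manage_db_password,
 $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties,
 $database_listen_address = $puppetdb::params::postgres_listen_addresses,
 $database_validate = $puppetdb::params::database_validate,
@@ -53,6 +54,7 @@
 $read_database_username = $puppetdb::params::read_database_username,
 $read_database_password = $puppetdb::params::read_database_password,
 $read_database_name = $puppetdb::params::read_database_name,
+$manage_read_db_password = $puppetdb::params::manage_read_db_password,
 $read_database_jdbc_ssl_properties = $puppetdb::params::read_database_jdbc_ssl_properties,
 $read_database_validate = $puppetdb::params::read_database_validate,
 $read_log_slow_statements = $puppetdb::params::read_log_slow_statements,
@@ -105,6 +107,7 @@
 database_username => $database_username,
 database_password => $database_password,
 database_name => $database_name,
+manage_db_password => $manage_db_password,
 jdbc_ssl_properties => $jdbc_ssl_properties,
 database_validate => $database_validate,
 database_embedded_path => $database_embedded_path,
@@ -130,6 +133,7 @@
 read_database_username => $read_database_username,
 read_database_password => $read_database_password,
 read_database_name => $read_database_name,
+manage_read_db_password => $manage_read_db_password,
 read_database_jdbc_ssl_properties => $read_database_jdbc_ssl_properties,
 read_database_validate => $read_database_validate,
 read_log_slow_statements => $read_log_slow_statements,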
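Review bot: Nothing next to the new `$manage_db_password` and `$manage_read_db_password` parameters says that they only gate the `password` entry in the ini files, while `database_password` and `read_database_password` are still declared with their `puppetdb::params` defaults (shown as `'puppetdb'` in manifests/params.pp) and still forwarded in the resource hunks. If anything else in this class consumes those values (the class body lies outside the hunks, so this is inferred), an operator who sets the flag to `false` and leaves the password unset would still get the well-known default there. A parameter comment such as `# manage_db_password: only controls the password line in database.ini; database_password is still used wherever else it is referenced` would make the scope explicit.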

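--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -32,6 +32,7 @@
 $database_name = 'puppetdb'
 $database_username = 'puppetdb'
 $database_password = 'puppetdb'
+$manage_db_password = true
 $jdbc_ssl_properties = ''
 $database_validate = true
 $database_max_pool_size = undef
@@ -57,6 +58,7 @@
 $read_database_name = 'puppetdb'
 $read_database_username = 'puppetdb'
 $read_database_password = 'puppetdb'
+$manage_read_db_password = true
 $read_database_jdbc_ssl_properties = ''
 $read_database_validate = true
 $read_log_slow_statements = '10'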

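--- a/manifests/server.pp
+++ b/manifests/server.pp
@@ -25,6 +25,7 @@
 $database_username = $puppetdb::params::database_username,
 $database_password = $puppetdb::params::database_password,
 $database_name = $puppetdb::params::database_name,
+$manage_db_password = $puppetdb::params::manage_db_password,
 $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties,
 $database_validate = $puppetdb::params::database_validate,
 $database_embedded_path = $puppetdb::params::database_embedded_path,
@@ -47,6 +48,7 @@
 $read_database_username = $puppetdb::params::read_database_username,
 $read_database_password = $puppetdb::params::read_database_password,
 $read_database_name = $puppetdb::params::read_database_name,
+$manage_read_db_password = $puppetdb::params::manage_read_db_password,
 $read_database_jdbc_ssl_properties = $puppetdb::params::read_database_jdbc_ssl_properties,
 $read_database_validate = $puppetdb::params::read_database_validate,
 $read_log_slow_statements = $puppetdb::params::read_log_slow_statements,
@@ -161,6 +163,7 @@
 database_username => $database_username,
 database_password => $database_password,
 database_name => $database_name,
+manage_db_password => $manage_db_password,
 database_max_pool_size => $database_max_pool_size,
 jdbc_ssl_properties => $jdbc_ssl_properties,
 database_validate => $database_validate,
@@ -186,6 +189,7 @@
 database_username => $read_database_username,
 database_password => $read_database_password,
 database_name => $read_database_name,
+manage_db_password => $manage_read_db_password,
 jdbc_ssl_properties => $read_database_jdbc_ssl_properties,
 database_validate => $read_database_validate,
 log_slow_statements => $read_log_slow_statements,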

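--- a/manifests/server/database.pp
+++ b/manifests/server/database.pp
@@ -6,6 +6,7 @@
 $database_username = $puppetdb::params::database_username,
 $database_password = $puppetdb::params::database_password,
 $database_name = $puppetdb::params::database_name,
+$manage_db_password = $puppetdb::params::manage_db_password,
 $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties,
 $database_validate = $puppetdb::params::database_validate,
 $database_embedded_path = $puppetdb::params::database_embedded_path,
@@ -89,7 +90,7 @@
 value => $database_username,
 }
 
-if $database_password != undef {
+if $database_password != undef and $manage_db_password {
 ini_setting {'puppetdb_psdatabase_password':
 setting => 'password',
 value => $database_password,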
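Review bot: The new condition `$database_password != undef and $manage_db_password` relies on truthiness, and the parameter added at the top of the class is untyped, so a quoted `'false'` arriving from Hiera or an ENC is a non-empty string and evaluates as true on Puppet 4 and later. In that case the module would keep writing `database_password` (default `'puppetdb'` per manifests/params.pp) over a password the operator believed was managed elsewhere. Declaring the parameter as `Boolean $manage_db_password = $puppetdb::params::manage_db_password,` or, if older Puppet must be supported, calling `validate_bool($manage_db_password)` closes that gap. The same applies to manifests/server/read_database.pp and to the pass-through parameters in init.pp and server.pp; the class body and the `ini_setting` resource continue outside the hunks.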

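--- a/manifests/server/read_database.pp
+++ b/manifests/server/read_database.pp
@@ -6,6 +6,7 @@
 $database_username = $puppetdb::params::read_database_username,
 $database_password = $puppetdb::params::read_database_password,
 $database_name = $puppetdb::params::read_database_name,
+$manage_db_password = $puppetdb::params::manage_read_db_password,
 $jdbc_ssl_properties = $puppetdb::params::read_database_jdbc_ssl_properties,
 $database_validate = $puppetdb::params::read_database_validate,
 $log_slow_statements = $puppetdb::params::read_log_slow_statements,
@@ -79,7 +80,7 @@
 value => $database_username,
 }
 
-if $database_password != undef {
+if $database_password != undef and $manage_db_password {
 ini_setting { 'puppetdb_read_database_password':
 setting => 'password',
 value => $database_password,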

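--- a/spec/unit/classes/init_spec.rb
+++ b/spec/unit/classes/init_spec.rb
@@ -48,6 +48,24 @@ class { 'postgresql::server':
 it { is_expected.not_to contain_postgresql__server__db('puppetdb') }
 end
 end
+
+context 'when not managing the database password' do
+let(:params) do
+{
+'manage_db_password' => false,
+'manage_read_db_password' => false,
+'read_database_host' => '10.0.0.1', # Make sure the read_database class is enforced.
+}
+end
+
+describe 'ini_setting entries for the password will not exist' do
+it { is_expected.to contain_class('puppetdb::server').with('manage_db_password' => false) }
+it { is_expected.to contain_class('puppetdb::server').with('manage_read_db_password' => false) }
+
+it { is_expected.not_to contain_ini__setting('puppetdb_psdatabase_password') }
+it { is_expected.not_to contain_ini__setting('puppetdb_read_database_password') }
+end
+end
 end
 end
 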
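Review bot: The two negative assertions use `contain_ini__setting`, but the manifests declare the resource as `ini_setting` with a single underscore. In rspec-puppet a double underscore stands for `::`, so these matchers look for an `ini::setting` resource and `not_to` passes whether or not the password setting is in the catalog. They should read `it { is_expected.not_to contain_ini_setting('puppetdb_psdatabase_password') }` and likewise for `'puppetdb_read_database_password'`. As written, a regression that writes the password into database.ini despite `manage_db_password => false` would go unnoticed. spec/unit/classes/server_spec.rb has the same two lines.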

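--- a/spec/unit/classes/server_spec.rb
+++ b/spec/unit/classes/server_spec.rb
@@ -151,6 +151,24 @@
 it { is_expected.not_to contain_systemd__unit_file('puppetdb-dlo-cleanup.timer') }
 end
 end
+
+context 'when not managing the database password' do
+let(:params) do
+{
+'manage_db_password' => false,
+'manage_read_db_password' => false,
+'read_database_host' => '10.0.0.1', # Make sure the read_database class is enforced.
+}
+end
+
+describe 'ini_setting entries for the password will not exist' do
+it { is_expected.to contain_class('puppetdb::server::database').with('manage_db_password' => false) }
+it { is_expected.to contain_class('puppetdb::server::read_database').with('manage_db_password' => false) }
+
+it { is_expected.not_to contain_ini__setting('puppetdb_psdatabase_password') }
+it { is_expected.not_to contain_ini__setting('puppetdb_read_database_password') }
+end
+end
 end
 end
 end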
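Review bot: The new context only exercises both flags set to `false` together, so it would still pass if manifests/server.pp handed `$manage_db_password` to `puppetdb::server::read_database` or the reverse. A second context with `'manage_db_password' => false` and `'manage_read_db_password' => true`, asserting that the read password setting is present while the primary one is absent, would pin each flag to its own ini file. A default-parameters assertion that both password settings are still managed would also guard against the flag silently defaulting to off. spec/unit/classes/init_spec.rb has the same shape.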
